Mailing List Archive

> I would like to know if it is possible to write a program on a
> Unix box where it could automatically run some commands on a
> cisco devices (7200 series and 3500XL) like:
>
> enable
> conf t
> int fa0/1
> shut
> end

Expect, if nothing else, will do what you want - you can essentially control the telnet session from within a script. You can do much the same thing from Perl, Python, or some other scripting language of your choice - open a telnet connection to the box, log in and issue commands.

The danger is that your script will probably need to contain login information for the router, and in your example above the enable password.

Regards,
Tim.

--
Tim Franklin ____________
Project Engineer \C/\O/\L/\T/ EN&S -
T: +44 20 7863 5714 V V V V IP Services
F: +44 20 7863 5876

On Fri, 9 Aug 2002, [iso-8859-1] odusseus wrote:

> Hi,
>
> +----------------+
> | Unix box |
> | running a prog |
> +----------------+
> |
> |
> |
> |
> V
> +---------------------+
> | Cisco device |
> | (router or switche) |
> +---------------------+
>
>
> I would like to know if it is possible to write a program on a Unix box where it could automatically run some commands on a
> cisco devices (7200 series and 3500XL) like:
>
> enable
> conf t
> int fa0/1
> shut
> end
>

I know about at least two utilities - netcat and expect. Expect is much
more powerfull (can check results of commands - syntax error could stop
it) but harder to use. If you make sure the commands are correct I suggest
using netcat.

I use it like this:
nc ${address} 23 << END_OF_FILE
username
password
en
enable-password
conf t
int fa0/1
shut
end
wr
END_OF_FILE

> Thank you.
>
> Regards,
>
> Christophe
> ------------------------------------------
>
> Faites un voeu et puis Voila ! www.voila.fr
>
> _______________________________________________
> cisco-nsp mailing list real_name)s@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

--
Michal Mertl
Specialist IP Service Development
KPNQwest Czechia s.r.o.
GTS Czech a.s.
Vinohradska 184
130 52 Praha 3
Tel.: +420 2 96157111
Fax: +420 2 96157444
e-mail: Michal.Mertl@kpnqwest.cz
____________________________________________
Poèínaje datem 1.5. 2002 do¹lo k provoznímu
slouèení spoleèností KPNQwest a GTS

You probably want RANCID - http://www.shrubbery.net/rancid/

-----Original Message-----
From: odusseus [mailto:odusseus@voila.fr]
Sent: Friday, August 09, 2002 7:59 AM
To: cisco-nsp
Subject: [nsp] Cisco commands automatically sent


Hi,

+----------------+
| Unix box |
| running a prog |
+----------------+
|
|
|
|
V
+---------------------+
| Cisco device |
| (router or switche) |
+---------------------+


I would like to know if it is possible to write a program on a Unix box
where it could automatically run some commands on a
cisco devices (7200 series and 3500XL) like:

enable
conf t
int fa0/1
shut
end

Thank you.

Regards,

Christophe
------------------------------------------

Faites un voeu et puis Voila ! www.voila.fr

_______________________________________________
cisco-nsp mailing list real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Hi,

If you use Perl you will find Net-Telnet and Net-Telnet-Cisco modules very
useful.

http://www.cpan.org

Regards,

Sergio.

-----Original Message-----
From: odusseus [mailto:odusseus@voila.fr]
Sent: 09 August 2002 16:59
To: cisco-nsp
Subject: [nsp] Cisco commands automatically sent


Hi,

+----------------+
| Unix box |
| running a prog |
+----------------+
|
|
|
|
V
+---------------------+
| Cisco device |
| (router or switche) |
+---------------------+


I would like to know if it is possible to write a program on a Unix box
where it could automatically run some commands on a
cisco devices (7200 series and 3500XL) like:

enable
conf t
int fa0/1
shut
end

Thank you.

Regards,

Christophe
------------------------------------------

Faites un voeu et puis Voila ! www.voila.fr

_______________________________________________
cisco-nsp mailing list real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

I use expect as well ... everything from password changes to major config
changes and netflow collection. There are a tonne of examples on the web ...
get the O'Reilly Expect book to help learn it. Also, I found a few ways to
encrypt password files on a unix box, and read that into the script when it
runs ... allowing you to help protect passwords better then clear text
passwords.


James MacDonald, CCNP
Senior Platform Manager, IP
Network Operations
AT&T Canada Corp.
370 King St W., 6th Floor
Toronto, ON M5V1J9
Ph: 416-204-5793
Fx: 416-204-5744
Emergency: 416-204-5700 (NMC Hotline)
Email: james.macdonald@attcanada.com


-----Original Message-----
From: Michal Mertl [mailto:mime@kpnqwest.cz]
Sent: Friday, August 09, 2002 11:28 AM
To: odusseus
Cc: cisco-nsp
Subject: Re: [nsp] Cisco commands automatically sent


On Fri, 9 Aug 2002, [iso-8859-1] odusseus wrote:

> Hi,
>
> +----------------+
> | Unix box |
> | running a prog |
> +----------------+
> |
> |
> |
> |
> V
> +---------------------+
> | Cisco device |
> | (router or switche) |
> +---------------------+
>
>
> I would like to know if it is possible to write a program on a Unix box
where it could automatically run some commands on a
> cisco devices (7200 series and 3500XL) like:
>
> enable
> conf t
> int fa0/1
> shut
> end
>

I know about at least two utilities - netcat and expect. Expect is much
more powerfull (can check results of commands - syntax error could stop
it) but harder to use. If you make sure the commands are correct I suggest
using netcat.

I use it like this:
nc ${address} 23 << END_OF_FILE
username
password
en
enable-password
conf t
int fa0/1
shut
end
wr
END_OF_FILE

> Thank you.
>
> Regards,
>
> Christophe
> ------------------------------------------
>
> Faites un voeu et puis Voila ! www.voila.fr
>
> _______________________________________________
> cisco-nsp mailing list real_name)s@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

--
Michal Mertl
Specialist IP Service Development
KPNQwest Czechia s.r.o.
GTS Czech a.s.
Vinohradska 184
130 52 Praha 3
Tel.: +420 2 96157111
Fax: +420 2 96157444
e-mail: Michal.Mertl@kpnqwest.cz
____________________________________________
Poèínaje datem 1.5. 2002 do¹lo k provoznímu
slouèení spoleèností KPNQwest a GTS


_______________________________________________
cisco-nsp mailing list real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

>> I would like to know if it is possible to write a program on a Unix
>> box where it could automatically run some commands on a
>> cisco devices (7200 series and 3500XL) like:

You can do it using 'expect' and there is also a
program called 'cnct' that works something like

cnct -p password -c file_of_commands router

A search turns up this:

http://web.infoave.net/~anonymous/unix/README.CISCO

which also references a cisco-expect.shar,
written by one of the UUnet originals.

Searching for ccm.tar I found:

http://www.free.net/ftp/networking/management/cisco/

and the ccm.tar there appears to contain the correct cnct.
The C code is short enough so you can visually confirm
what it does.

-mark

Look into "expect" which is a simple scripting language that will execute
stuff based on text received from the other side (like a prompt sign)

On Fri, 9 Aug 2002, odusseus wrote:

> Hi,
>
> +----------------+
> | Unix box |
> | running a prog |
> +----------------+
> |
> |
> |
> |
> V
> +---------------------+
> | Cisco device |
> | (router or switche) |
> +---------------------+
>
>
> I would like to know if it is possible to write a program on a Unix box where it could automatically run some commands on a
> cisco devices (7200 series and 3500XL) like:
>
> enable
> conf t
> int fa0/1
> shut
> end
>
> Thank you.
>
> Regards,
>
> Christophe
> ------------------------------------------
>
> Faites un voeu et puis Voila ! www.voila.fr
>
> _______________________________________________
> cisco-nsp mailing list real_name)s@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

Use perl module Net-Telnet-Cisco or rcmd

with regards
Tejal Shah

----- Original Message -----
From: "Tim Franklin" <tim@colt.net>
Date: Friday, August 9, 2002 8:49 pm
Subject: RE: [nsp] Cisco commands automatically sent

> > I would like to know if it is possible to write a
> program on a
> > Unix box where it could automatically run some
> commands on a
> > cisco devices (7200 series and 3500XL) like:
> >
> > enable
> > conf t
> > int fa0/1
> > shut
> > end
>
> Expect, if nothing else, will do what you want - you
> can essentially control the telnet session from within
> a script. You can do much the same thing from Perl,
> Python, or some other scripting language of your
> choice - open a telnet connection to the box, log in
> and issue commands.
>
> The danger is that your script will probably need to
> contain login information for the router, and in your
> example above the enable password.
>
> Regards,
> Tim.
>
> --
> Tim Franklin ____________
> Project Engineer \C/\O/\L/\T/ EN&S -
> T: +44 20 7863 5714 V V V V IP Services
> F: +44 20 7863 5876
>
>
> _______________________________________________
> cisco-nsp mailing list real_name)s@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


Go To http://www.iqara.net

If you have many Cisco devices, RANCID would be a much better choice.

http://www.shrubbery.net/rancid/


-----Original Message-----
From: Michal Mertl [mailto:mime@kpnqwest.cz]
Sent: Friday, August 09, 2002 10:28 AM
To: odusseus
Cc: cisco-nsp
Subject: Re: [nsp] Cisco commands automatically sent


On Fri, 9 Aug 2002, [iso-8859-1] odusseus wrote:

> Hi,
>
> +----------------+
> | Unix box |
> | running a prog |
> +----------------+
> |
> |
> |
> |
> V
> +---------------------+
> | Cisco device |
> | (router or switche) |
> +---------------------+
>
>
> I would like to know if it is possible to write a program on a Unix box where it could automatically run some commands on a
> cisco devices (7200 series and 3500XL) like:
>
> enable
> conf t
> int fa0/1
> shut
> end
>

I know about at least two utilities - netcat and expect. Expect is much
more powerfull (can check results of commands - syntax error could stop
it) but harder to use. If you make sure the commands are correct I suggest
using netcat.

I use it like this:
nc ${address} 23 << END_OF_FILE
username
password
en
enable-password
conf t
int fa0/1
shut
end
wr
END_OF_FILE

> Thank you.
>
> Regards,
>
> Christophe
> ------------------------------------------
>
> Faites un voeu et puis Voila ! www.voila.fr
>
> _______________________________________________
> cisco-nsp mailing list real_name)s@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

--
Michal Mertl
Specialist IP Service Development
KPNQwest Czechia s.r.o.
GTS Czech a.s.
Vinohradska 184
130 52 Praha 3
Tel.: +420 2 96157111
Fax: +420 2 96157444
e-mail: Michal.Mertl@kpnqwest.cz
____________________________________________
Poèínaje datem 1.5. 2002 do¹lo k provoznímu
slouèení spoleèností KPNQwest a GTS


_______________________________________________
cisco-nsp mailing list real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

I have used the Net::Telnet::Cisco perl module and it works well.
http://search.cpan.org/doc/JOSHUA/Net-Telnet-Cisco-1.10/Cisco.pm

Cisco and other companies also offer commercial tools for pushing
configuration changes to Cisco routers.

On Fri, Aug 09, 2002 at 04:58:30PM +0200, odusseus wrote:
> Hi,
>
> I would like to know if it is possible to write a program on a Unix box where it could automatically run some commands on a
> cisco devices (7200 series and 3500XL) like:
>
> enable
> conf t

--
=========================================================================
Clinton Work clinton@scripty.com
Calgary, Alberta

rancid has part of what you desire, the login and run commands portion.
you can augment it with expect script parts that perform the logic of
what commands where. eg:

cat >cmds
conf t
int s4/3
shut
end
^D
clogin -x cmds router

ni [132] clogin -x c shaggy
shaggy
spawn ssh -c 3des -x -l heas shaggy
heas@shaggy's password:

shaggy#
shaggy#term length 0
shaggy#conf t
Enter configuration commands, one per line. End with CNTL/Z.
shaggy(config)#in s4/3
shaggy(config-if)#shut
shaggy(config-if)#end
shaggy#
shaggy#exit
Connection to shaggy closed.

-x has limitations.

cat > cmds.expect
bunch-o ugly expect drivel
^D
clogin -s cmds.expect router

http://www.shrubbery.net/rancid/

example cmds.expect scripts comes with, under util/*.exp

Fri, Aug 09, 2002 at 04:58:30PM +0200, odusseus:
> Hi,
>
> +----------------+
> | Unix box |
> | running a prog |
> +----------------+
> |
> |
> |
> |
> V
> +---------------------+
> | Cisco device |
> | (router or switche) |
> +---------------------+
>
>
> I would like to know if it is possible to write a program on a Unix box where it could automatically run some commands on a
> cisco devices (7200 series and 3500XL) like:
>
> enable
> conf t
> int fa0/1
> shut
> end
>
> Thank you.
>
> Regards,
>
> Christophe
> ------------------------------------------
>
> Faites un voeu et puis Voila ! www.voila.fr
>
> _______________________________________________
> cisco-nsp mailing list real_name)s@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You can use expect: example here (quick and dirty)

command usage: ./autotel myswitch
#note myswitch and hostname prompt must match in this case..

#!/usr/local/bin/expect -f
## call with autotel host username password

set host [lindex $argv 0]
set rcfile [open ~/.autotel/pwd r ] #Opens file for password pwd
file has user <cr> password
gets $rcfile user
gets $rcfile pass
spawn telnet "$host"
expect "Username:"
send "$user\r"
expect "Password:"
send "$pass\r"
expect "$host>"
send "en\r"
expect "Password:"
send "blahblahblah\r"
interact


==DMT>
- ----SIGNAURE-------
Douglas M. Todd, Jr.
CCNA, CCNP, CIT
Network Engineering
Partners Health Care
Building 149
149 13 Street
Charlestown, MA 02129-200
Tel: 617.726.1403
Email: dtodd@partners.org
- --------------------------------------------------------------------
PGP Finger Print: 9429 CAE3 B2D1 C2E1 DFBC E7A6 E90A 9BE5 C7B6 47BC
Key available via email.
Verisign S/N: 3ff65cdf58b9dceda004baeed49e16cf
https://digitalid.verisign.com/services/client/index.html

> -----Original Message-----
> From: Tejal Shah [mailto:tejal.shah@surat.iqara.net]
> Sent: Friday, August 09, 2002 12:08 PM
> To: Tim Franklin; odusseus; cisco-nsp
> Cc: odusseus; cisco-nsp
> Subject: Re: RE: [nsp] Cisco commands automatically sent
>
>
> Use perl module Net-Telnet-Cisco or rcmd
>
> with regards
> Tejal Shah
>
> ----- Original Message -----
> From: "Tim Franklin" <tim@colt.net>
> Date: Friday, August 9, 2002 8:49 pm
> Subject: RE: [nsp] Cisco commands automatically sent
>
> > > I would like to know if it is possible to write a
> > program on a
> > > Unix box where it could automatically run some
> > commands on a
> > > cisco devices (7200 series and 3500XL) like:
> > >
> > > enable
> > > conf t
> > > int fa0/1
> > > shut
> > > end
> >
> > Expect, if nothing else, will do what you want - you
> > can essentially control the telnet session from within
> > a script. You can do much the same thing from Perl,
> > Python, or some other scripting language of your
> > choice - open a telnet connection to the box, log in
> > and issue commands.
> >
> > The danger is that your script will probably need to
> > contain login information for the router, and in your
> > example above the enable password.
> >
> > Regards,
> > Tim.
> >
> > --
> > Tim Franklin ____________
> > Project Engineer \C/\O/\L/\T/ EN&S -
> > T: +44 20 7863 5714 V V V V IP Services
> > F: +44 20 7863 5876
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list real_name)s@puck.nether.net
> > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>
> Go To http://www.iqara.net
>
> _______________________________________________
> cisco-nsp mailing list real_name)s@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBPVP9MwgiZycqTvq3EQJH+wCfVMU96VASpgxLpdeszI3U7DB4nV0AmwXl
0re8GXdnc1ZgY8QARnbVjBPp
=dAps
-----END PGP SIGNATURE-----

Hello all
You probably want to use pancho
About:
Pancho is a utility that allows Cisco Router and Switch Administrators to make
changes to a single node, or group of nodes, without requiring the admin to
log into the individual device. It also provides configuration archiving
functionality by allowing you to copy the device configurations to a remote
server manually or though an automated process.

check this at http://pancho.lunarmedia.net/

Íà Friday 09 August 2002 17:58, odusseus íàïèñàõòå:
> Hi,
>
> +----------------+
>
> | Unix box |
> | running a prog |
>
> +----------------+
>
>
>
>
> V
> +---------------------+
>
> | Cisco device |
> | (router or switche) |
>
> +---------------------+
>
>
> I would like to know if it is possible to write a program on a Unix box
> where it could automatically run some commands on a cisco devices (7200
> series and 3500XL) like:
>
> enable
> conf t
> int fa0/1
> shut
> end
>
> Thank you.
>
> Regards,
>
> Christophe
> ------------------------------------------
>
> Faites un voeu et puis Voila ! www.voila.fr
>
> _______________________________________________
> cisco-nsp mailing list real_name)s@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

--
--
Best Regards,

Boian Jordanov
SNE
Orbitel - the Internet Company
tel. +359 2 937 07 23

On Fri, 9 Aug 2002, MacDonald, James wrote:

> I use expect as well ... everything from password changes to major config
> changes and netflow collection. There are a tonne of examples on the web ...
> get the O'Reilly Expect book to help learn it. Also, I found a few ways to

Me too :)
I've successfully changed vty/console/enable passwords on large numbers of
access-servers, routers, and switches in record time using expect.

I ran into an odd problem with expect recently though. I know...I really
should just take a look at Rancid (maybe next week)...but I was trying to
come up with an expect script to archive configs last week. I have the
above mentioned book and know just enough expect to get basic things (like
mass password changes) done. I tried saving the config by sending show
run and expecting "end\r\n\r\n". Then I open a file and puts $output
$expect_out(buffer). This works on small configs, but on large routers
with large configs, I'd only get some seemingly random portion of the end
of the config. I could run the script against the same router several
times and get various sizes between 5 and 8kb in the output file. There
was apparently no pattern on consistency to it. Has anyone else had this
problem with $expect_out(buffer)?

----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________